In a plugin I create a nonce with a time limit of 15 minutes:

    function noncelife(){ return 900; }
    add_action( 'run_custom_nonce_value', 'custom_nonce_value' );
    function custom_nonce_value(){
        add_filter( 'nonce_life', 'noncelife' );
        $created_nonce = wp_create_nonce('timform_nonce');
        remove_filter( 'nonce_life', 'noncelife' );
        return $created_nonce;
    }

With wp_localize_script I send the nonce to a jQuery file enqueued in the plugin:

    wp_localize_script( 'timcontact', 'ctfprocessajax', array(
        'ajaxurl'   => admin_url('admin-ajax.php'),
        'formnonce' => custom_nonce_value()
    ) );

The ajax function in my jQuery file sends all data via admin-ajax.php with the appropriate action name to wp_process_timform.php, which contains the send e-mail function.

    add_action( 'wp_ajax_toaformsendmail', 'timform_sendmail' );
    add_action( 'wp_ajax_nopriv_toaformsendmail', 'timform_sendmail' );
    function timform_sendmail() {
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            if (isset($_POST['nonce']) && !empty($_POST['nonce'])){
                $nonce = $_POST['nonce'];
            } else {
                $nonce = '';
            }
            if(! wp_verify_nonce( $nonce, 'timform_nonce' )){ //always false
                echo $nonce; //is identical but does not validate
                die( 'Security check' );
            } else {
                // Send the email.
                if (wp_mail($recipient, $subject, $message_send, $headers)) {
                    // Set a 200 (okay) response code.
                    http_response_code(200);
                    echo "<p class=\"timform-okmessage\">Thanks etc.</p>";
                } else {
                    // Set a 500 (internal server error) response code.
                    http_response_code(500);
                    echo "Error";
                }
                die();
            }
        }
    }

The function works perfectly without the wp_verify_nonce condition, but with wp_verify_nonce the condition always returns false. Why is this not validating when the nonces are identical? Is wp_verify_nonce not reachable via a plugin?
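
An added example, not part of the original post and not WordPress core code: a simplified stand-alone model of how a nonce depends on the lifetime in force, comparing a nonce created under a 900-second `nonce_life` with verification in a later request under the default 86400 seconds. The `model_*` functions, `MODEL_KEY` and the timestamps are constructed for illustration; the real functions also mix the user ID and session token into the hash.

```php
<?php
// Simplified model of the nonce arithmetic (assumption: mirrors the
// tick/hash scheme of wp_nonce_tick() and wp_verify_nonce(), minus user/session).
const MODEL_KEY = 'constructed-demo-salt'; // constructed value, stands in for the site salt

// The tick advances every $life / 2 seconds, so it depends on the lifetime in force.
function model_tick(int $now, int $life): int {
    return (int) ceil($now / ($life / 2));
}

// The nonce is a slice of an HMAC over the tick and the action name.
function model_hash(int $tick, string $action): string {
    return substr(hash_hmac('md5', $tick . '|' . $action, MODEL_KEY), -12, 10);
}

function model_create(string $action, int $now, int $life): string {
    return model_hash(model_tick($now, $life), $action);
}

// Returns 1 (current tick), 2 (previous tick) or false.
function model_verify(string $nonce, string $action, int $now, int $life) {
    $tick = model_tick($now, $life);
    if (hash_equals(model_hash($tick, $action), $nonce)) {
        return 1;
    }
    if (hash_equals(model_hash($tick - 1, $action), $nonce)) {
        return 2;
    }
    return false;
}

$created_at = 1700000000;       // constructed timestamp: page render
$posted_at  = $created_at + 60; // constructed timestamp: AJAX POST one minute later

// Creation happens while the 900 s lifetime is in force.
$nonce = model_create('timform_nonce', $created_at, 900);

// Case 1: the verifying request runs with the default lifetime (filter not registered).
var_dump(model_verify($nonce, 'timform_nonce', $posted_at, 86400));

// Case 2: the verifying request runs with the same 900 s lifetime used at creation.
var_dump(model_verify($nonce, 'timform_nonce', $posted_at, 900));
```

In the plugin, case 2 corresponds to having the `nonce_life` filter registered during the admin-ajax.php request as well as at creation. The filter applies to every nonce unless the callback checks the action, which is passed as a second argument since WordPress 6.1.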
Tags: plugin development. wp_verify_nonce is always false even when the nonces are identical